# Baseline NixOS module shared by all systems: common module imports, Colmena
# deployment defaults, Nix daemon policy, sudo/SSH access and base tooling.
{
  config,
  lib,
  pkgs,
  inputs,
  outputs,
  ...
}: let
  inherit (lib) mkDefault;
  inherit (config) homelab;
in {
  imports = [
    # Essential modules for all systems
    inputs.sops-nix.nixosModules.sops
    ../modules/homelab

    # User configurations
    ../users/plasmagoat.nix

    # Secrets management
    ../secrets
  ];

  # Colmena deployment defaults. Everything wrapped in mkDefault can be
  # overridden per host; `tags` is set without mkDefault.
  deployment = {
    targetHost = mkDefault "${homelab.hostname}.${homelab.domain}";
    tags = [config.nixpkgs.system config.networking.hostName];
    replaceUnknownProfiles = mkDefault true;
    buildOnTarget = mkDefault false;
  };

  # Basic system configuration that applies to ALL systems
  nix.settings = {
    experimental-features = ["nix-command" "flakes"];
    auto-optimise-store = true;
    # Only wheel members (besides trusted users) may talk to the Nix daemon.
    allowed-users = ["@wheel"];
    # NOTE(review): the Nix manual describes a trusted user as essentially
    # root-equivalent, so every wheel account is a root-level principal here.
    # Presumably needed so Colmena can push closures as a wheel user - confirm.
    trusted-users = ["root" "@wheel"];
  };

  # Daily garbage collection of generations older than 15 days.
  nix.gc = {
    automatic = true;
    options = "--delete-older-than 15d";
    dates = "daily";
  };

  nix.optimise.automatic = true;

  # keep-outputs / keep-derivations are passed through to nix.conf verbatim.
  nix.extraOptions = ''
    keep-outputs = true
    keep-derivations = true
  '';

  # Basic security
  # NOTE(review): wheel members get sudo without a password. Together with
  # the trusted-users entry above, control of any wheel account's SSH key
  # amounts to root on every system importing this module, so wheel
  # membership should stay minimal.
  security.sudo.wheelNeedsPassword = false;

  services = {
    # SSH configuration: key-based logins only. Password and
    # keyboard-interactive authentication are disabled, and root may log in
    # only without a password method ("prohibit-password").
    openssh = {
      enable = true;
      # Opens the SSH port in the host firewall on every system that imports
      # this module; network-level restrictions, if any, live elsewhere.
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "prohibit-password";
        KbdInteractiveAuthentication = false;
      };
    };

    # sshguard runs alongside sshd on all systems.
    sshguard.enable = true;
  };

  programs.ssh.startAgent = true;

  # Basic packages for all systems
  environment.systemPackages = [
    pkgs.dig
    pkgs.nmap
    pkgs.traceroute
    pkgs.vim
    pkgs.git
    pkgs.curl
    pkgs.python3
    pkgs.htop
    pkgs.tree
  ];

  # Timezone and locale
  time.timeZone = mkDefault "Europe/Copenhagen";
  console.keyMap = mkDefault "dk-latin1";
  i18n.defaultLocale = mkDefault "en_US.UTF-8";

  # System backup job (applies to all systems) - currently disabled.
  # NOTE(review): the path list includes /etc/sops; if that directory holds
  # sops key material (not visible from this file), the backup repository
  # would need the same protection as the keys themselves - confirm before
  # enabling.
  # homelab.global.backups.jobs = [
  #   {
  #     name = "system-config";
  #     backend = "restic";
  #     paths = [
  #       "/etc/nixos"
  #       "/etc/sops"
  #       "/var/lib/nixos"
  #     ];
  #     schedule = "daily";
  #     excludePatterns = [
  #       "*/cache/*"
  #       "*/tmp/*"
  #     ];
  #   }
  # ];

  # Default state version
  system.stateVersion = mkDefault "25.05";
}